Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for concerto by versa-networks

    CVE-2025-34026 (GCVE-0-2025-34026)

    Vulnerability from nvd – Published: 2025-05-21 22:04 – Updated: 2026-01-23 14:34
    Title
    Versa Concerto Actuator Authentication Bypass Information Leak
    Summary
    The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    Impacted products
    Vendor Product Version
    Versa Concerto Affected: 12.1.2 , ≤ 12.2.0 (semver)
    Create a notification for this product.
    Credits
    ProjectDiscovery Harsh Jaiswal Rahul Maini Parth Malhotra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-34026",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-23T14:34:03.184960Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-01-22",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34026"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-23T14:34:06.013Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34026"
              },
              {
                "tags": [
                  "vendor-advisory"
                ],
                "url": "https://security-portal.versa-networks.com/emailbulletins/6830f94328defa375486ff2e"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "Traefik"
              ],
              "product": "Concerto",
              "vendor": "Versa",
              "versions": [
                {
                  "lessThanOrEqual": "12.2.0",
                  "status": "affected",
                  "version": "12.1.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:versa:concerto:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "12.2.0",
                      "versionStartIncluding": "12.1.2",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "sponsor",
              "value": "ProjectDiscovery"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Harsh Jaiswal"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Rahul Maini"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Parth Malhotra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.\u003cp\u003eThis issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.\u003c/p\u003e"
                }
              ],
              "value": "The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-131",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-131 Resource Leak Exposure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-28T19:42:27.561Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "mitigation"
              ],
              "url": "https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Versa Concerto Actuator Authentication Bypass Information Leak",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-34026",
        "datePublished": "2025-05-21T22:04:58.832Z",
        "dateReserved": "2025-04-15T19:15:22.545Z",
        "dateUpdated": "2026-01-23T14:34:06.013Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-34026 (GCVE-0-2025-34026)

    Vulnerability from cvelistv5 – Published: 2025-05-21 22:04 – Updated: 2026-01-23 14:34
    Title
    Versa Concerto Actuator Authentication Bypass Information Leak
    Summary
    The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    Impacted products
    Vendor Product Version
    Versa Concerto Affected: 12.1.2 , ≤ 12.2.0 (semver)
    Create a notification for this product.
    Credits
    ProjectDiscovery Harsh Jaiswal Rahul Maini Parth Malhotra
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-34026",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-23T14:34:03.184960Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2026-01-22",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34026"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-23T14:34:06.013Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34026"
              },
              {
                "tags": [
                  "vendor-advisory"
                ],
                "url": "https://security-portal.versa-networks.com/emailbulletins/6830f94328defa375486ff2e"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "modules": [
                "Traefik"
              ],
              "product": "Concerto",
              "vendor": "Versa",
              "versions": [
                {
                  "lessThanOrEqual": "12.2.0",
                  "status": "affected",
                  "version": "12.1.2",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:versa:concerto:*:*:*:*:*:*:*:*",
                      "versionEndIncluding": "12.2.0",
                      "versionStartIncluding": "12.1.2",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "sponsor",
              "value": "ProjectDiscovery"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Harsh Jaiswal"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Rahul Maini"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Parth Malhotra"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.\u003cp\u003eThis issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.\u003c/p\u003e"
                }
              ],
              "value": "The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-131",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-131 Resource Leak Exposure"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-28T19:42:27.561Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "mitigation"
              ],
              "url": "https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Versa Concerto Actuator Authentication Bypass Information Leak",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2025-34026",
        "datePublished": "2025-05-21T22:04:58.832Z",
        "dateReserved": "2025-04-15T19:15:22.545Z",
        "dateUpdated": "2026-01-23T14:34:06.013Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }